Fix escaping of JOSM icons and colors

2 files changed, 5 insertions, 5 deletions

diff --git a/web/lib/utils.rb b/web/lib/utils.rb
index c220913..846d39f 100644
--- a/web/lib/utils.rb
+++ b/web/lib/utils.rb
@@ -176,10 +176,10 @@ def get_josm_style_rules_result(total, res)
             :value      => row['v'],
             :value_bool => row['b'],
             :rule       => row['rule'],
-            :area_color => row['area_color'] ? h(row['area_color'].sub(/^.*#/, '#')) : '',
-            :line_color => row['line_color'] ? h(row['line_color'].sub(/^.*#/, '#')) : '',
+            :area_color => row['area_color'] ? row['area_color'].sub(/^.*#/, '#') : '',
+            :line_color => row['line_color'] ? row['line_color'].sub(/^.*#/, '#') : '',
             :line_width => row['line_width'] ? row['line_width'].to_i : 0,
-            :icon       => row['icon_source'] && row['icon_source'] != 'misc/deprecated.png' && row['icon_source'] != 'misc/no_icon.png' ? h(row['icon_source']) : ''
+            :icon       => row['icon_source'] && row['icon_source'] != 'misc/deprecated.png' && row['icon_source'] != 'misc/no_icon.png' ? row['icon_source'] : ''
         } }
     }.to_json
 end
diff --git a/web/public/js/taginfo.js b/web/public/js/taginfo.js
index 8afdb50..ac9d6af 100644
--- a/web/public/js/taginfo.js
+++ b/web/public/js/taginfo.js
@@ -321,7 +321,7 @@ function fmt_josm_line(width, color) {
     var inner = '';
     if (width > 0) {
         inner = tag('div', '', {
-            title: color,
+            title: html_escape(color),
             style: style({ height: width + 'px', 'margin-top': (10 - Math.round(width/2)) + 'px', padding: 0, 'background-color': color })
         });
     }
@@ -333,7 +333,7 @@ function fmt_josm_area(color) {
 
     return tag('div', '', {
         title: html_escape(color),
-        style: style({ height: '18px', 'background-color': html_escape(color) })
+        style: style({ height: '18px', 'background-color': color })
     });
 }